Share this
A New Bug in Cisco Kit, Stop It Before It Takes Your's Down
by Darin Knobbe on May 3, 2020 7:04:39 PM
Something is killing a number of Cisco ASAs (Adaptive Security Appliances) after 18 months, specifically ASA5508 and ASA5516 - it’s faulty register in some of them. Today we share the news behind the failure as well as an alternative to keep your system up and running at full capacity. We've also outlined two options for mitigating your faulty Cisco kit.
As detailed by The Register, the organization has discharged a field notice with the title “Field Notice: FN - 70476 - ASA5508 and ASA5516 Security Appliances Might Fail After 18 Months or Longer Due to a Damaged Component - Hardware Upgrade Required” in which it says that models ASA5508 and ASA5516 "may fail in Operation, following a year and a half or more, because of a harmed component in it."
Basically, the gadgets and the affected units were manufactured between 05-18-2017 and 08-25-2017 in which they experienced an assembling procedure issue that has prompted some of them to have a harmed resistor. The Cisco Advisory team addresses this, giving more subtleties on the issue;
"Security Appliances with a faulty resistor will work regularly on the installation and it disappointments are relied upon to increment over a long time starting after the unit has been in activity for around 18 months. When the security appliance has malfunctioned, the unit will not work anymore, won't boot, and isn't recoverable."
Affected Product ID
- ASA5508-FTD-K9
- ASA5508-K9
- ASA5508-K8
- ASA5516-FPWR-K9
- ASA5516-FTD-K9
- ASA5516-FPWR-K8
The Bugs Id in the Cisco database for this is mentioned below;
| Defect ID | Headline |
| CSCvt82285 |
ASA5508 and ASA5516 Might Fail After 18 Months or Longer Due to a Damaged Component |
So how you can find out that this is the problem with your model via symptoms?
- The security appliance no longer functions and the system fails to boot. There will be no output from the console port.
- In addition, the LED status indicators on the security appliance illuminate as follows:
- Power LED is green
- Status LED is amber and blinking
Unfortunately, there is no workaround for the faulty appliance. Instead, the following is suggested:
- Cisco recommends proactive replacement for the affected ASA5508 and ASA5516 security appliances. There is no workaround for this issue.
- Clients should request swaps for the afftected product(s) with the order form gave in the Upgrade Program segment of this field notice.
- For clients, that demand substitutions of products note that the License Activation key is attached to the ASA chassis Serial number. Contact the Cisco Licensing Team so as to have your present License moved to the substitution Chassis Serial number. The Cisco Licensing Team will request the PAK (Product Authorization Key) reference number and current Serial number.
Verification from the serial number if it can be from those units
This field notice gives the capacity to distinguish if the Serial number(s) of an appliance is affected by this issue. To check if your item is conceivably influenced by this issue, inspect the chassis serial number of the security appliance.
The chassis serial number can be acquired from the CLI or through a visual review of the security appliance. For units that are faulty because of this issue, a visual investigation of the security appliance or audit of the Sales Order documentation is required.
CLI
In the CLI of the ASA you just need to enter the command “show inventory”
The output will be as such:
asa> show inventory
Name: "Chassis", DESCR: "ASA 5508-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5508 , VID: V01 , SN: JMXXXXXXXXD
Note The show version command should not be used in order to avoid Cisco bug ID CSCtz56314 (ASA5500-X Chassis Serial Number Not Visible from CLI).
Visual Inspection of the ASA Security Appliance
The serial number information is located on the bottom surface of the appliance.
In order to verify your serial number(s), enter it in the Serial Number Validation Tool.
About the Upgrade Program
For ASA5508 and ASA5516 Security Appliances
A separate Form must be filled out for each unique Ship to Address.
A unique Upgrade Order Reference Number will accommodate each Form submission and can be utilized to ask about request status.
Please enter one or more valid Serial Numbers into the Form.
You will receive an acknowledgement email immediately after submitting the Form with a Request #. Depending on material availability, both you AND the Customer email address will receive a confirmation email with Order# in 7 to 10 days. UMPIRE orders are proactive replacements and do NOT adhere to normal SLAs or Service Contracts.
NOTE: If your Ship to Address is in the accompanying countries, it would be ideal if you expect deferrals of as long as 3 months relying upon importation guidelines: Argentina, Brazil, Columbia, Mexico, Venezuela, India, All countries in Asia (for example Singapore, Malaysia, Hong Kong, China, Vietnam, Korea, Thailand, Philippines), and all non-EU countries (ie: UAE, Russia, Turkey). You will get your Order# around then. Much thanks to you for your understanding as this procedure is valuable for the client; it will spare them the expense of tank/obligation in these nations (which is exceptionally high).
On the off chance that you were provided a Sales Order Number for the shipment of your new parts, if you don't mind allude to the SO Status Tool (Please note: you should have a CCO User ID and Password to get to this site):
https://cisco-apps.cisco.com/cisco/psn/business
If you were given an RMA Number for the shipment of your replacement parts, please refer to the "Service Order QuickSearch" Tool at the following location (Please note: you must have a CCO User ID and Password to access this site):
http://tools.cisco.com/support/serviceordertool/home.svo
In the event that you have not gotten an email with an Order# following 10 days, please send an email with your Request#(s) and Customer in the Subject line to: umpire-escalations@cisco.com
The upgrade form is for the replacement is below:
Note: Fields marked with an asterisk (*) are required fields.
| Requester Information | |
|
*Name |
|
| *E-mail Address | |
| TAC SR Number | |
| Customer Shipping Information | |
| *Company | |
| *Address | |
| Address_line2 | |
| *City | |
| *State/Providence | |
| *ZIP/Postal Code | |
| *Country | |
| Product | Affected Product | *Quantity | *Serial#(2) | Replacement PID |
| ASA5508-FTD-K9 | ASA5508-K9 | |||
| ASA5508-K9 | ASA5508-K9 | |||
| ASA5508-K8 | ASA5508-K8 | |||
| ASA5516-FPWR-K9 | ASA5516-FPWR-K9 | |||
| ASA5516-FTD-K9 | ASA5516-FPWR-K9 | |||
| ASA5516-FPWR-K8 | ASA5516-FPWR-K8 |
| Customer Contact Information | |
| *First Name | |
| *Last Name | |
| *Phone(1) | Ext. |
| Fax(1) | Ext. |
| Upgrade Order Reference Number | Please provide a number that you can use when inquiring about order status |
| Notes | |
1 For phone and fax, include 011 and the country code outside North America.
2 The serial number input field for each Product ID can hold up to 4,000 characters, including commas and white space. For longer lists of serial numbers, please submit additional requests.
3 For customers in Japan only, please enter the building and the floor in the address field. Also, enter the contact person's name, the telephone number and the e-mail address in the appropriate fields.
An Alternative Solution
Fortinet Network Firewalls
Next-generation firewalls (NGFW) filter network traffic to protect an organization from external threats. Fortinet competes for the industry-leading spot in Gartner's Magic Quadrant for Network Firewalls. Read the article here. Their next-generation firewalls feature VPN support, Network monitoring, packet filtering, and IP mapping.
If you're looking to strengthen your application control, boost intrusion prevention, and advance visibility across your network, chat with a representative today about a NGFW. Not only do they block malware, but give you flexibility to evolve with the landscape and keep your network secure as new threats arise.
Enterprise Firewalls
On the Enterprise Level, Fortinet offers an NGFW that inspects traffic as it enters and leaves the network, enables security-driven networking, and consolidates industry-leading security capabilities. Automated threat protection, intrusion prevention system, web filtering, and secure sockets layer inspections, are all included in the Enterprise Firewalls. An integral part of the NGFWs is their ability to communicate within the Fortinet Security Fabric as well as third-party solutions, sharing threat intelligence while improving security posture.
Chat with us today about your needs. We have a team ready to answer any questions or to chat more on the network security and firewalls that best suit your needs! Need to get in touch quicker than a phone call? No worries, leave a quick comment below.
Share this
- Configuration Guides (47)
- Cisco Routers (29)
- Switches (27)
- Network Security (23)
- Cisco Switches (21)
- Routing Protocols (21)
- Routers (20)
- Cisco (19)
- Product Comparisons (19)
- Firewall (18)
- Cisco Security (17)
- Cisco Technical Information (17)
- IT Hardware Solutions (17)
- Network Protocols (17)
- Wireless (17)
- Security (15)
- OneCall (13)
- Servers (12)
- cisco asa (12)
- Cisco Wireless (11)
- Router Protocols (11)
- Cisco Catalyst (9)
- Cisco UCS (9)
- Upgrading Network (9)
- Cisco Servers (8)
- Product Highlight (8)
- Access Control Lists (7)
- Fortinet (7)
- Server Comparisons (7)
- Access Points (6)
- Arista Networks (6)
- OSPF (6)
- Wireless APs (6)
- Cisco ASR (5)
- Cloud Solutions (5)
- HPE-Aruba Wireless (5)
- Juniper Mist (5)
- Network Management (5)
- SD-WAN (5)
- Storage (5)
- Switch Comparison (5)
- Back To Basics (4)
- Cybersecurity (4)
- EIGRP (4)
- Firewall Architecture (4)
- HSRP (4)
- Juniper Networks (4)
- Network Automation (4)
- Network Servers (4)
- OEM Comparison (4)
- Aruba Central (3)
- Cisco Telephony (3)
- DHCP (3)
- DHCP Snooping (3)
- Dell EMC PowerEdge (3)
- Internet (3)
- Maintenance (3)
- Maintenance Renewal (3)
- Network Accessories (3)
- TPM (3)
- Telephony (3)
- aruba (3)
- Cisco NX-OS (2)
- Cisco Nexus (2)
- Dell Servers (2)
- Fortinet NGFWs (2)
- IT Trends (2)
- LAN Networks (2)
- Network Time Protocol (2)
- Palo Alto NGFWs (2)
- Rapid PVST+ (2)
- Remote Configuration (2)
- Software Defined Networking (2)
- WLAN (2)
- Ways to Save (2)
- fortigate (2)
- Asset Management (1)
- CPU Usage (1)
- Cisco AIR-CT (1)
- Cisco Aironet (1)
- Cisco DNA (1)
- Cisco ISR (1)
- Cisco Supervisor Engines (1)
- Cisco UCS Manager (1)
- Cognitive Campus (1)
- Cost of Downtime (1)
- Dell EMC Data Domain (1)
- Edge Switches (1)
- Fabric Extenders (1)
- GRE Tunnel (1)
- HPE BL (1)
- Juniper SRX (1)
- Nexus Switches (1)
- Nutanix (1)
- Optics (1)
- PowerEdge R740xd (1)
- STP Extension (1)
- Sparing Integrity Program (1)
- Switched Virtual Interface (1)
- TCP (1)
- UCS Fabric Interconnects (1)
- hyperconverge (1)
- April 2024 (2)
- March 2024 (1)
- February 2024 (2)
- January 2024 (1)
- December 2023 (1)
- November 2023 (2)
- October 2023 (1)
- September 2023 (3)
- August 2023 (5)
- July 2023 (2)
- June 2023 (4)
- May 2023 (5)
- April 2023 (8)
- March 2023 (7)
- February 2023 (5)
- January 2023 (2)
- December 2022 (3)
- November 2022 (3)
- October 2022 (8)
- September 2022 (9)
- August 2022 (9)
- July 2022 (8)
- June 2022 (9)
- May 2022 (5)
- April 2022 (3)
- March 2022 (1)
- February 2022 (2)
- November 2021 (2)
- October 2021 (1)
- September 2021 (2)
- August 2021 (2)
- July 2021 (3)
- June 2021 (2)
- May 2021 (4)
- April 2021 (4)
- March 2021 (2)
- February 2021 (1)
- January 2021 (2)
- December 2020 (2)
- November 2020 (2)
- October 2020 (2)
- September 2020 (2)
- August 2020 (4)
- July 2020 (5)
- June 2020 (4)
- May 2020 (6)
- April 2020 (2)
- March 2020 (1)
- February 2020 (2)
- January 2020 (2)
- December 2019 (1)
- May 2019 (2)
- April 2019 (5)
- February 2019 (1)
- January 2019 (3)
- December 2018 (1)
No Comments Yet
Let us know what you think